Malicious PDF — malware analysis report

Static analysis result for SHA-256 b2775da0b3f873cc…

Verdict: MALICIOUS
File type: PDF
Size: 57.2 KB
Created: 2021-04-04 23:19:50 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5705c08f493c0997870734e9b968cb67
SHA-1: cebf321a9f2a779f138fa1532074d96b3c564a45
SHA-256: b2775da0b3f873cc5e415df5e3ba95ae0082bfef9aa0ec9677999e735149635b
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was detected as malicious by ClamAV and an ML classifier, indicating a phishing or trojan payload. It contains an embedded URI pointing to a suspicious URL, likely intended to deliver a secondary payload or redirect the user to a malicious site. The document body, though partially garbled, suggests a lure related to 'Sorcery of Thorns' to entice downloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6699

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://ponafet.ru/award?keyword=sorcery+of+thorns+pdf+download
    • https://cdn-cms.f-static.net/uploads/4388820/normal_603df48fe397a.pdf
    • https://cdn.sqhk.co/rufebumu/c1oL1Tb/17640502204.pdf
    • https://cdn.sqhk.co/digijodaga/XC0wiJM/labyrinth_definition_thesaurus.pdf
    • http://vodoroding.info/stephen_king_it_2017_book_cover750pn.pdf
    • https://cdn-cms.f-static.net/uploads/4406191/normal_6052ecf4cdfb6.pdf
    • http://bestgirl69.com/ximuxagexaruawh.pdf
    • http://vizit.store/limidazgzmz.pdf
    • http://autobaff.xyz/zetawufunevubwiiy4.pdf
    • https://uploads.strikinglycdn.com/files/efdb4526-66b4-4eef-85bf-418d75a56e68/wayne_dyer_meditation_for_manifesting.pdf
    • https://uploads.strikinglycdn.com/files/1e21b65f-f153-45f2-b942-2ac7c0d15f9d/club_car_carryall_service_manual.pdf
    • https://uploads.strikinglycdn.com/files/80d1a2fa-f3f1-481d-ad48-e73f3f826c70/xidalapo.pdf
    • https://s3.amazonaws.com/jeponowon/gatudu.pdf
    • https://s3.amazonaws.com/juwofuxufijup/what_are_walkie_talkie_privacy_codes.pdf
    • https://uploads.strikinglycdn.com/files/2a89777b-a9f2-403f-96e8-5a6ad172a41c/59561283170.pdf